Can't reach a FreeBSD 5.3 machine through a ppp connection

Mauricio Brunstein brunstein at arnet.com.ar
Wed Nov 24 09:59:22 PST 2004


 
Hi!

I'm installing a machine that will be a firewall and a samba server for a
4-person office. The machine has 2 NICs and is connecting to the Internet
using PPPoE. It is using pf and ALTQ. Initially there were problems
establishing the PPPoE connection in the office, using the same ppp.conf that
previously worked in my lab (only changing the username/passwd). Here is my
ppp.conf file:

 server:~ $ sudo cat /etc/ppp/ppp.conf
default:
 set log Phase Chat LCP IPCP CCP tun command
 set device PPPoE:fxp0 
 set mtu 1492
 set mru 1492
 enable mssfixup
 set speed sync
 disable acfcomp protocomp
 deny acfcomp
 set authname xxxxxxxxx
 set authkey    xxxxxxxxx
 add default HISADDR
 enable lqr
 set lqrperiod 25
 enable dns

I got some messages in ppp.log like this one, 

Nov 23 15:00:35 server ppp[533]: tun0: LCP: deflink: -- Protocol 0x8057 (Internet Protocol V6 Control Protocol) was rejected!
Nov 23 15:00:41 server ppp[533]: tun0: Phase: deflink: IPV6CP protocol reject closes IPV6CP !

After that I added "disable ipv6cp", and commented out "enable lqr" and
"set lqrperiod 25", and the connection didn't drop anymore. It seems that
this provider doesn't support lqr.

It appeared that everything was working fine, but when I tried to use ssh to
log in to this box from outside, it was not possible. After some time of
issuing the ssh command, I get the following error:
ssh: connect to host dsuaya.ath.cx port 22: Operation timed out.

After some tests, I discovered that changing router_enable to "YES" in the
/etc/rc.conf  solved the problem. 

But the section "21.2.1.5 Final System Configuration" of the FreeBSD
handbook states:

"Make sure the router program set to NO with following line in your
/etc/rc.conf:
router_enable="NO"
It is important that the routed daemon is not started (it is by default), as
routed tends to delete the default routing table entries created by ppp."

So, is there another way to resolve this? Note that I'm always able to
establish connections from this box to a host on the Internet, but I can't
establish a connection from those hosts to this one if router_enable="NO".

Thanks in advance,

Mauricio.

Some data of interest:

server:~ $ uname -a
FreeBSD server.estudio 5.3-RELEASE-p1 FreeBSD 5.3-RELEASE-p1 #1: Tue Nov 23 02:13:24 ART 2004     root at server.estudio:/usr/obj/usr/src/sys/GENERICWALTQ i386
server:~ $


server:~ $ cat /etc/rc.conf
# -- sysinstall generated deltas -- # Sun Nov 21 13:07:41 2004
# Created: Sun Nov 21 13:07:41 2004
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
#
hostname="server.estudio"
ifconfig_rl0="inet 192.168.2.1  netmask 255.255.255.0"
netd_enable="YES"
saver="dragon"
scrnmap="NO"
sshd_enable="YES"
sshd_flags="-4 -p 22"
usbd_enable="YES"
network_interfaces="lo0 tun0 rl0"
fconfig_tun0=
router_enable="YES"        # remember to disable this!!!!!
#router_enable="NO"              # Set to YES to enable a routing daemon.
router="/sbin/routed"           # Name of routing daemon to use if enabled.
router_flags="-q"               # Flags for routing daemon.

gateway_enable="YES"          # Set to YES if this host will be a gateway
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_flags=""                     # additional flags for pfctl startup
#pflog_enable="YES"              # start pflogd(8)
#pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
#pflog_flags=""                  # additional flags for pflogd startup

inetd_enable="YES"               # Run the network daemon dispatcher (YES/NO).
inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one.
inetd_flags="-wW -C 60"         # Optional flags to inetd

server:~ $

server:~ $ cat /etc/start_if.tun0
ppp -ddial default; /usr/local/etc/ez-ipupdate.conf


_______________________________________________
freebsd-stable at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
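
Added example (not part of the original message): a small sh/awk filter that summarises the protocol-reject lines ppp writes in the format quoted above, so repeated rejects stand out in a long ppp.log. The sample lines are constructed, each log entry is assumed to sit on one line (as in the file itself, not as wrapped by the mail), and the `disable ipv6cp` hint only mirrors the change the poster describes.

```shell
#!/bin/sh
# Added example: count the protocols the PPP peer rejected, per ppp.log.

# Constructed sample input in the same shape as the quoted log lines.
sample_log() {
cat <<'EOF'
Nov 23 15:00:35 server ppp[533]: tun0: LCP: deflink: -- Protocol 0x8057 (Internet Protocol V6 Control Protocol) was rejected!
Nov 23 15:00:41 server ppp[533]: tun0: Phase: deflink: IPV6CP protocol reject closes IPV6CP !
Nov 23 15:02:10 server ppp[540]: tun0: LCP: deflink: -- Protocol 0x8057 (Internet Protocol V6 Control Protocol) was rejected!
Nov 23 15:02:11 server ppp[540]: tun0: Phase: deflink: some other message
EOF
}

# Reads ppp.log text on stdin and prints one line per distinct rejected
# protocol, in first-seen order: "<count> <hex id> <name>[ => hint]".
rejected_protocols() {
  awk '
    / -- Protocol 0x[0-9A-Fa-f]+ \(.*\) was rejected!/ {
      id = $0;   sub(/.* -- Protocol /, "", id);  sub(/ .*/, "", id)
      name = $0; sub(/.*\(/, "", name); sub(/\) was rejected!.*/, "", name)
      key = id " " name
      if (!(key in n)) order[++m] = key   # remember first-seen order
      n[key]++
    }
    END {
      for (i = 1; i <= m; i++) {
        k = order[i]
        # Hint taken from the message: the poster added "disable ipv6cp".
        hint = (k ~ /^0x8057 /) ? " => disable ipv6cp" : ""
        printf "%d %s%s\n", n[k], k, hint
      }
    }'
}

# Use a log file given as the first argument, else the constructed sample.
if [ "$#" -gt 0 ]; then
  rejected_protocols < "$1"
else
  sample_log | rejected_protocols
fi
```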